Modeling malicious behavior that occurs in the absence of users
US10452841B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | May 1, 2017 |
| Grant date | Oct 22, 2019 |
| Priority date | — |
| Expiry date | Mar 24, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N20/20
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.
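The abstract describes a three-stage pipeline: an anomaly model fitted on unattended events from clean machines, that model used as a filter to strip benign activity from unattended events captured on infected machines, and a classifier trained on what survives to rank event attributes by predictive power. The following is an added worked example of that pipeline and is not code from the patent or its assignee. The event attributes (process, parent, dst_port, autorun, hour), the sample events, the smoothed-frequency anomaly score with a threshold taken from the clean data, and information gain as the measure of an attribute's predictive power are all assumptions made here to illustrate the stages; the patent does not specify them.

```python
"""Unattended-activity modeling pipeline, following the three stages in the abstract.

Stage 1: fit an anomaly model on events from clean machines with no user present.
Stage 2: discard events from infected machines that the model considers normal.
Stage 3: rank attributes by how well they separate the surviving (malicious)
         events from the clean baseline, keeping those above a threshold.
"""
import math
from collections import Counter, defaultdict

# Assumed attribute set; the patent does not name the attributes it uses.
ATTRS = ("process", "parent", "dst_port", "autorun", "hour")

# Constructed sample telemetry (not real data). Every event below was "captured"
# while no interactive user session existed; the field names are illustrative.
CLEAN_EVENTS = [
    {"process": "backup.exe", "parent": "schedsvc", "dst_port": 443, "autorun": False, "hour": 2},
    {"process": "backup.exe", "parent": "schedsvc", "dst_port": 443, "autorun": False, "hour": 2},
    {"process": "updater.exe", "parent": "services", "dst_port": 443, "autorun": False, "hour": 3},
    {"process": "updater.exe", "parent": "services", "dst_port": 80, "autorun": False, "hour": 3},
    {"process": "avscan.exe", "parent": "services", "dst_port": 443, "autorun": False, "hour": 1},
    {"process": "avscan.exe", "parent": "services", "dst_port": 443, "autorun": False, "hour": 2},
    {"process": "logrotate", "parent": "cron", "dst_port": None, "autorun": False, "hour": 0},
    {"process": "logrotate", "parent": "cron", "dst_port": None, "autorun": False, "hour": 0},
]
INFECTED_EVENTS = [
    # the same unattended housekeeping also runs on the infected hosts ...
    {"process": "backup.exe", "parent": "schedsvc", "dst_port": 443, "autorun": False, "hour": 2},
    {"process": "updater.exe", "parent": "services", "dst_port": 443, "autorun": False, "hour": 3},
    {"process": "logrotate", "parent": "cron", "dst_port": None, "autorun": False, "hour": 0},
    # ... plus activity that only the implant produces (constructed)
    {"process": "svchosts.exe", "parent": "schedsvc", "dst_port": 4444, "autorun": True, "hour": 2},
    {"process": "svchosts.exe", "parent": "schedsvc", "dst_port": 4444, "autorun": True, "hour": 3},
    {"process": "rundll32.exe", "parent": "wmiprvse", "dst_port": 8443, "autorun": True, "hour": 1},
]


class CategoricalAnomalyModel:
    """Stage 1: per-attribute value frequencies learned from clean, unattended events.

    score() is the summed negative log-likelihood of an event's attribute values
    under Laplace-smoothed frequencies, so values never seen on a clean machine are
    penalised heavily but finitely. The threshold is derived from the clean data
    itself: the highest score any training event reaches.
    """

    def __init__(self, events, alpha=1.0):
        self.alpha = alpha
        self.n = len(events)
        self.counts = {a: Counter(e[a] for e in events) for a in ATTRS}
        self.threshold = max(self.score(e) for e in events)

    def score(self, event):
        total = 0.0
        for a in ATTRS:
            seen = self.counts[a]
            # the extra +1 in the denominator reserves probability mass for unseen values
            p = (seen[event[a]] + self.alpha) / (self.n + self.alpha * (len(seen) + 1))
            total -= math.log(p)
        return total

    def is_benign(self, event):
        # small tolerance so an event identical to a training event is not rejected
        return self.score(event) <= self.threshold + 1e-9


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(events, labels, attr):
    """Drop in label entropy once `attr` is known: the split criterion a decision-tree
    learner uses, applied here once per attribute as its predictive power."""
    by_value = defaultdict(list)
    for e, y in zip(events, labels):
        by_value[e[attr]].append(y)
    remainder = sum(len(ys) / len(labels) * entropy(ys) for ys in by_value.values())
    return entropy(labels) - remainder


def run_pipeline(clean=CLEAN_EVENTS, infected=INFECTED_EVENTS, power_threshold=0.3):
    model = CategoricalAnomalyModel(clean)
    # Stage 2: whatever the clean-machine model explains is removed as benign
    malicious = [e for e in infected if not model.is_benign(e)]
    # Stage 3: malicious (1) vs. clean (0) is the training set for the classifier
    events = clean + malicious
    labels = [0] * len(clean) + [1] * len(malicious)
    gains = {a: information_gain(events, labels, a) for a in ATTRS}
    selected = sorted((a for a in ATTRS if gains[a] > power_threshold),
                      key=lambda a: (-gains[a], a))
    return {"model": model, "malicious": malicious, "gains": gains, "selected": selected}


if __name__ == "__main__":
    result = run_pipeline()
    for e in INFECTED_EVENTS:
        print(f"{e['process']:>13} score={result['model'].score(e):5.2f} "
              f"benign={result['model'].is_benign(e)}")
    for a, g in sorted(result["gains"].items(), key=lambda kv: -kv[1]):
        print(f"{a:>9} gain={g:.3f}")
    print("predictive attributes:", result["selected"])
```

On this constructed data the three implant events score far above the clean threshold and survive the filter, while the housekeeping events that also run on infected hosts are removed. Of the attributes, `hour` has low gain because malware and scheduled jobs both run overnight, and `autorun`, `dst_port` and `process` separate the classes completely. Raw information gain rewards high-cardinality attributes such as a process name, so on real telemetry a gain-ratio correction or a held-out validation set is needed before trusting the ranking.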
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.